SUSE-CU-2025:6275-1: Security update of suse/pcp

[sle-container-updates at lists.suse.com]

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6275-1
Container Tags        : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-62.17 , suse/pcp:latest
Container Release     : 62.17
Severity              : moderate
Type                  : security
References            : 1221107 1230262 1232526 1237442 1238491 1239566 1239938 1240788
                        1241549 1243991 1244050 1246934 CVE-2024-2236 
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2719-1
Released:    Thu Aug  7 05:38:32 2025
Summary:     Security update for libgcrypt
Type:        security
Severity:    moderate
References:  1221107,1246934,CVE-2024-2236
This update for libgcrypt fixes the following issues:

- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2720-1
Released:    Thu Aug  7 05:38:44 2025
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  
This update for crypto-policies fixes the following issues:

- Update the BSI policy (jsc#PED-12880)
    * BSI: switch to 3072 minimum RSA key size
    * BSI: Update BSI policy for new 2024 minimum

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released:    Wed Aug 13 10:28:27 2025
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:

Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799

- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
  copy rather than the installed system runtime.  [bsc#1240788]
- Allow GCC executables to be built PIE.  [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string.  [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fixes reported ICE in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
  headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
  subdirectory from provides processing via __provides_exclude_from.
  [bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
  variant conflict with the unversioned cross-*-gcc package.


The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.12.1 updated
- libgcc_s1-14.3.0+git11799-150000.1.11.1 updated
- libstdc++6-14.3.0+git11799-150000.1.11.1 updated
- libgcrypt20-1.11.0-150700.5.7.1 updated
- container:bci-bci-init-15.7-05eb7584a367b2bc7b5f08f62d2db8362d7e3f864d9a6c01c9f6cc82344c7532-0 updated